web analytics

Social Engineering Defense – An Emerging Career – Source: www.databreachtoday.com

social-engineering-defense-–-an-emerging-career-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Professional Certifications & Continuous Training
,
Training & Security Leadership

Help Organizations Build Robust Defenses Against Human-Centric Threats

Brandy Harris


July 17, 2024    

Social Engineering Defense - An Emerging Career
Image: Getty Images

As the digital landscape evolves, so do the tactics used by cybercriminals. Social engineering, which involves manipulating individuals into divulging confidential information or performing actions that compromise security, is a significant threat, and it includes large-scale operations orchestrated by nation states aimed at influencing public opinion, destabilizing economies and compromising national security. These growing concerns are creating a new career niche within cybersecurity focused on combating social engineering.

See Also: 5 Requirements for Modern DLP

The Need for Social Engineering Defense

Social engineering attacks exploit human psychology rather than technical vulnerabilities, and that makes them particularly challenging to defend against. These attacks can have severe consequences, including data breaches, financial losses and compromised national security. High-profile incidents, such as election interference and corporate espionage, highlight the urgent need for specialized professionals who can anticipate, identify and mitigate these threats.

As organizations recognize the importance of addressing human-centric security risks, the demand for experts in social engineering defense is expected to rise, but training programs have not caught up. None of the programs listed on Intelligent.com’s list of the top 10 bachelor of science cybersecurity programs in the country require even a basic psychology course, and neither did any of the programs ranked by U.S. News and World Report. Without a structured program that specializes in combating social engineering, career seekers who want to be ahead of the demand curve will need to forge their own path.

Essential Skills for Social Engineering Defense

To excel in this field, professionals need a diverse skill set that spans technical knowledge, behavioral insights and communication abilities. There are many avenues available to educate yourself. No matter which you choose, the recommended formal training includes fundamental cybersecurity and networking, adult education, behavioral psychology and persuasive communication, such as speech and marketing. Here are some of the key skills required:

  • Understanding of social engineering tactics: Familiarity with various social engineering techniques, such as phishing, pretexting, baiting and tailgating.
  • Behavioral psychology: Knowledge of human behavior and psychology to understand how attackers manipulate individuals and be able to develop effective countermeasures.
  • Risk assessment: Ability to assess human vulnerabilities within an organization and identify potential targets for social engineering attacks.
  • Incident response: Skills in managing and responding to social engineering incidents, including forensic analysis and recovery strategies.
  • Communication and training: Proficiency in creating and delivering human risk management training programs to educate employees about the risks and signs of social engineering.
  • Analytical thinking: Strong analytical skills to think like an adversary, evaluate social engineering threats and develop strategies to mitigate them.

Potential Employers

Professionals who specialize in social engineering defense can find opportunities across various sectors. Here are some potential employers:

  • Financial institutions: Banks and financial services firms are attractive targets for bad actors because of the volume of sensitive customer information and financial assets they protect.
  • Healthcare organizations: Hospitals and healthcare providers need to follow strict regulatory guidelines and are also rich targets.
  • Government agencies: Federal, state and local governments need specialists to protect national security and public interests from social engineering attacks.
  • Large corporations: Enterprises that have significant amounts of intellectual property and customer data to protect are likely to invest in social engineering defense.
  • Cybersecurity firms: Companies that provide security services to other businesses often need experts in social engineering.
  • Social media platforms: Due to their vast user bases and influence, social media platforms are increasingly used for social engineering attacks and therefore need dedicated experts to maintain platform integrity and safeguard user data.

Professionals who specialize in social engineering defense can play a crucial role in protecting organizations from sophisticated attacks and helping them build robust defenses against the many human-centric threats that continue to evolve in our digital world.

Original Post url: https://www.databreachtoday.com/blogs/social-engineering-defense-emerging-career-p-3670

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate